Both Russia and China are equipped to launch cyberattacks against US energy grids, which would have been deadly during the recent polar vortex cold snap in the Midwest, writes Paul Steidler, a senior fellow at the Lexington Institute, an Arlington, Va.-based public policy think tank. Government and industry must collaborate to create effective protections for a sector that is largely internet-based, making it extremely vulnerable to attacks, Steidler writes.

Related Summaries

At the BlueHat conference in Israel last week, Microsoft security engineer Matt Miller said Microsoft's improved security measures are protecting Windows users from hackers.
Miller said that patches and other specific security measures are preventing hackers from exploiting known security flaws, reducing the number of zero-day attacks.

The Department of Energy will fund what it is calling the Clean Energy Manufacturing Innovation Institute to determine areas of cybersecurity risk in the energy sector. "As the sector-specific agency for cybersecurity in the energy sector, it is our job to make sure energy technologies across the board are best prepared against cyberthreats," says Mark Menezes, undersecretary for energy.

After the longest shutdown in government history, cybersecurity workers are struggling to mitigate damage that has complicated their efforts to protect the US from a cyberattack. With the government now seen as less secure, it becomes not only a more attractive target for foreign governments, but also less appealing as an employer for cybersecurity experts, creating more far-reaching security woes given the already-problematic dearth of such workers.

Despite the 2016 Illinois State Board of Elections data breach, which allowed Russian hackers to access the voter registration database -- including personal information of more than 76,000 voters -- a watchdog has found that Chicago isn't prepared to prevent a similar hack in the 2020 elections. An audit found that Chicago has not inventoried the computers used in elections and has not had an audit or a risk assessment in a dozen years, making the machines especially vulnerable to cyberattacks.

State governments are a weak link in the fight against cyberattacks and need to do more to improve their cyberdefenses, writes Megan Reiss of the R Street Institute. State procurement decisions should focus on cybersecurity, and states should consider creative solutions to workforce shortages, such as volunteer cyberresponse forces, she adds.